5b1bbf77c02e68b84ca6fff881d92792fbeff3d93e10f01ba9c78740a58c09e4

Analysis

max time kernel
12s
max time network
19s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
28/03/2025, 12:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe
Size

255KB
MD5

8aaf82aa134dad49fb143102969eb1f5
SHA1

1cd9b23c42bfc5b45c766fe3d1af350a37280c76
SHA256

5b1bbf77c02e68b84ca6fff881d92792fbeff3d93e10f01ba9c78740a58c09e4
SHA512

f9ab394dd58a57ceecf41b0ccd69c74788241a70422a6944a41f6ee408a54c40c54344cf280b7be800b4d62a272e2307f430bfba370dedd34295920f09877db8
SSDEEP

6144:h1OgDPdkBAFZWjadD4s5mM6JY3QbppBv7lsg2H:h1OgLdaOmbJY3qppBvhK

Score

7^/10

adware discovery spyware stealer upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x000500000001a46d-77.dat	acprotect

Executes dropped EXE 1 IoCs

pid	Process
2896	51480cc369462.exe

Loads dropped DLL 5 IoCs

pid	Process
2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe
2896	51480cc369462.exe
2896	51480cc369462.exe
2896	51480cc369462.exe
2896	51480cc369462.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops Chrome extension 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbhblonfldcbolkkonhimioiebbnmo\1\manifest.json	51480cc369462.exe

Installs/modifies Browser Helper Object 2 TTPs 3 IoCs

BHOs are DLL modules which act as plugins for Internet Explorer.

stealer adware

Modify Registry

T1112

Browser Extensions

T1176

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD9CD49A-5D90-D9EF-0855-978848F24838}	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BD9CD49A-5D90-D9EF-0855-978848F24838}\ = "GeeniUsaCoupOne "	51480cc369462.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{BD9CD49A-5D90-D9EF-0855-978848F24838}\NoExplorer = "1"	51480cc369462.exe

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a46d-77.dat	upx
behavioral1/memory/2896-80-0x0000000074E90000-0x0000000074E9A000-memory.dmp	upx

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	51480cc369462.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
behavioral1/files/0x0005000000019bf9-30.dat	nsis_installer_1
behavioral1/files/0x0005000000019bf9-30.dat	nsis_installer_2
behavioral1/files/0x000500000001a475-99.dat	nsis_installer_1
behavioral1/files/0x000500000001a475-99.dat	nsis_installer_2

Modifies registry class 45 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR\ = "C:\\ProgramData\\GeeniUsaCoupOne"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}\ = "GeeniUsaCoupOne "	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\HELPDIR	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}\InProcServer32\ = "C:\\ProgramData\\GeeniUsaCoupOne\\51480cc36949c.dll"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}\InProcServer32\ThreadingModel = "Apartment"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS\ = "0"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\Version = "1.0"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ = "IIEPluginMain"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}	51480cc369462.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}\ProgID	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32\ = "C:\\ProgramData\\GeeniUsaCoupOne\\51480cc36949c.tlb"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\FLAGS	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\0\win32	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}\InProcServer32	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ = "ILocalStorage"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\ = "{E2343056-CC08-46AC-B898-BFC7ACF4E755}"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838}\ProgID\ = "GeeniUsaCoupOne .1"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}\1.0\ = "IEPluginLib"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51480cc369462.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}\TypeLib\Version = "1.0"	51480cc369462.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30
PID 2576 wrote to memory of 2896	2576	JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe	30

System policy modification 1 TTPs 2 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID	51480cc369462.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID\{BD9CD49A-5D90-D9EF-0855-978848F24838} = "1"	51480cc369462.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_8aaf82aa134dad49fb143102969eb1f5.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2576
- C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\51480cc369462.exe
  .\51480cc369462.exe /s
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops Chrome extension
  - Installs/modifies Browser Helper Object
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - System policy modification
  PID:2896

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Browser Extensions

T1176

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\GeeniUsaCoupOne\uninstall.exe

Filesize
48KB

MD5
f3c79bda3fdf7c5dd24d60400a57cadb

SHA1
1adb606aaeedb246a371c8877c737f0f8c798625

SHA256
a76272ed3bbf23308782a308d428ee805ec77fbb622a830af26cb0ddbbf7377b

SHA512
c43cb957bdea357bd016fe03a8004a48d8117a12106f62876394feba05ad01a321ff6017ffb7b926cc77712f5ab63ea2e4b169a419c444c8f62aa4933f289935

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\51480cc36949c.dll

Filesize
115KB

MD5
00ce3831a16a62c6d7ea4b21049e4b22

SHA1
3e48c8d25b196d67722ed20cd36bf3448a4c9136

SHA256
d4bb7937b36973cbf3b12c9500c25ed34103944a69bad9162f3b98f39474529c

SHA512
7633071b26d802aae1250111baa40e5158fb1a1639d76098f2ecd6263adf0e6371d5e9a70d9005b267cb907da84235f4e361f8c8a75b8adbd19a049ab1227619

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\51480cc36949c.tlb

Filesize
18KB

MD5
d5980ff8eb0ef4276fad96fba8fc5018

SHA1
2cb05f8b43aa3ae2f5492f590997eec6ff808fe2

SHA256
ac3a1daa32b1c489f9c2f4413ab35c4fc90b54a52ede0fb53276666e6eeef16f

SHA512
30404f467dd727a7de132fb08cd3c88abf5fb2e7ef18f24af5371b63fd106d6d5757061ec55c7b54daf9844100280670bf2b22a71c89b160048552b5eec12d0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\bppbhblonfldcbolkkonhimioiebbnmo\51480cc3692928.53834235.js

Filesize
4KB

MD5
39689c2f3f6f6d5d4d6606cb91653ae1

SHA1
d5d8591c3cee21bc0bddb201371c8cf4f98986e9

SHA256
8e1bfa5dab90c945095cc9fcabda0f5b4ac5b5f7098236b15a4720e5b914590d

SHA512
bc852da5ccc73ea2731bae42960e7f4712dadcd042c3a622bc4c82d8df339110ee54fe16fc3c8330e684339f0869e8bf1ade0c9b4a6046ba26954ffe7ba1b0a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\bppbhblonfldcbolkkonhimioiebbnmo\background.html

Filesize
161B

MD5
6b33c7242ca4e1f1d15d10f7b663c5b0

SHA1
dd7a28fc787c1b1f8b5cf30793e7564c09fee759

SHA256
b5b4878e860fa926a160401216a9251f11f3789297f80b2bfcc4c67fda491448

SHA512
a5050b2f63fc9c1a32825c4309a60807be0ac0c676d0bc82ed14fccd5652f397852d612d233b220cf470c2e7865d73f746b0043d8faee347a696ed6220961ec2

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\bppbhblonfldcbolkkonhimioiebbnmo\content.js

Filesize
197B

MD5
5f9891607f65f433b0690bae7088b2c1

SHA1
b4edb7579dca34dcd00bca5d2c13cbc5c8fac0de

SHA256
fb01e87250ac9985ed08d97f2f99937a52998ea9faebdc88e4071d6517e1ea6b

SHA512
76018b39e4b62ff9ea92709d12b0255f33e8402dfc649ed403382eebc22fb37c347c403534a7792e6b5de0ed0a5d97a09b69f0ffc39031cb0d4c7d79e9440c7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\bppbhblonfldcbolkkonhimioiebbnmo\lsdb.js

Filesize
559B

MD5
209b7ae0b6d8c3f9687c979d03b08089

SHA1
6449f8bff917115eef4e7488fae61942a869200f

SHA256
e3cf0049af8b9f6cb4f0223ccb8438f4b0c75863684c944450015868a0c45704

SHA512
1b38d5509283ef25de550b43ef2535dee1a13eff12ad5093f513165a47eec631bcc993242e2ce640f36c61974431ae2555bd6e2a97aba91eb689b7cd4bf25a25

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\bppbhblonfldcbolkkonhimioiebbnmo\manifest.json

Filesize
509B

MD5
06501897f06ef1646279a039f26953eb

SHA1
28be7faabf22bac9083b5138984a82fc697717b8

SHA256
a54743499dc46877b6e4043a60b8c8c0aef45111555e8c75dd0d877de4593aa4

SHA512
98d05c49b3adf418b6fc630c55341529fc5af47c5636c7553726873b2bff81a0493850c37f03b8173779a465012dc42e4314fe374f91f50e6422e34c2927260f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\bppbhblonfldcbolkkonhimioiebbnmo\sqlite.js

Filesize
1KB

MD5
681d03109d7ce5da842e6004067839a8

SHA1
6b4697fbfd41f7e086085e388d20c693d107ff5b

SHA256
f0fa848e1cafda77c2d9e4e5faf151443ae42dff50c0493e0b6d7ed5cef12ab8

SHA512
2f129bd2b528e18df976b9961cba88a3becc01d1bf84e32d55566e105e8e8ed859fa6ff19bafba41663c887cbf73603561692e1bae24bdd51761db0e95526576

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\[email protected]\bootstrap.js

Filesize
2KB

MD5
5d41c957de1b2c1ce4a16198311e101a

SHA1
5ae8f36caeda1265b6d60799babf52e8500416bf

SHA256
e91eeb6265114981788362627481b8c02aa186801723a582f9aa97466a547418

SHA512
0c75f46f5f5d1008c2a65a0c80f3c6773d4b0d2854fd18f21af89b1257929132c20ebcf22d28106bb854a43153e9f6bfe947debb14ae5c64f66ee18a5b84e8ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\[email protected]\chrome.manifest

Filesize
116B

MD5
c1d48efc7142cc49002223eb680a81a5

SHA1
0969cc67a1b6d5b0bcba599248edea9d831f8db9

SHA256
eb5a7697874b4d2d482926df142c24e8e9be461b5910cd07fe9ef4a3d501c3d3

SHA512
94953c4e2ce01b196ce51f9da4535ad1dc3f758e50c7c8f75212974a89e20a4b509b8c77ac00873f6ab85b9922a7962e0dd548fb06d75e176270baf2e538ac40

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\[email protected]\content\bg.js

Filesize
8KB

MD5
c5f427b8eaa61ad615622835b57b0aa2

SHA1
ae8af81be7dad3583d008a189ba4dce7f5122a91

SHA256
a1df1e460a2cab5ba0ce95014b8da573a2488bcc0323155948822a69fab85b67

SHA512
44a84f53ac0dfab223edcf1f9c6ac894d72688842e2e59919cd86559830ead7214931675a99e79d5ff536cd70d349789153fefa4fd174cca31751d5ca90f5c07

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\[email protected]\content\zy.xul

Filesize
225B

MD5
9b2f2434292b2e8cbd5f868490d100d0

SHA1
a11a18aca13c366e7f3f7e3c4bc2d724f086a21b

SHA256
e3610689a0f248b27b6f5151e5fbf51e8ef736c71a1272393e1189dfb8791d19

SHA512
6988f55d85f4a4bea30983302bd4f2698ac3f45cbc01e2f3dd26759d8fb0d69ba5ce7c033f2cec0486896741a4c26b1f8651e084be0f44477ca2953116d7820a

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\[email protected]\install.rdf

Filesize
609B

MD5
38eaa75164b62145543d3e01dfa86970

SHA1
c32ecb6ad3f421304feba90cfc02e081c6f4f23c

SHA256
77edd171293bb91a132f81f61e12aaac1996f4af47f982a93e14e03199c0f0dc

SHA512
3ce4da3fde0480f9604d45e26aa52aa13ace4a2a2fd2345c58f96310adfbba6029f5df00d2264a7ef5a3077bdd7b1545c9509a0800f062f12414b23dce0169c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\settings.ini

Filesize
6KB

MD5
ccb8c1206207e169923d016dba4cec9a

SHA1
52543a7eb0a9e6c9454b5867f21ebd8ac98e6d96

SHA256
258107c7f888cc3872b2f52761a835db5ac4cc68377375c43656e7b0c9859a80

SHA512
a8ad4fa188bbf0a5f2678b97c69c4bb94e6a1a3051749190796c825fb13ea01e534420c1d42ea9919a824bb3a7d3d37a2619b7ad90ed0c6d9426885a26711551

Download Submit
\Users\Admin\AppData\Local\Temp\7zS9D29.tmp\51480cc369462.exe

Filesize
71KB

MD5
b78633fae8aaf5f7e99e9c736f44f9c5

SHA1
26fc60e29c459891ac0909470ac6c61a1eca1544

SHA256
d205693516dbaf34cfbd216e825190de4de1412e861bc9cb30ce863907b30d22

SHA512
3885b609269b26918ccfcd9069181168c12f4271b6bdfcc51afe176b2dd242d4c0953ac1a4ddaf25abcfaf28a0b694a6269d96ae39bb7b2db2f0140d2d60cd43

Download Submit
\Users\Admin\AppData\Local\Temp\nso9E91.tmp\UserInfo.dll

Filesize
4KB

MD5
7579ade7ae1747a31960a228ce02e666

SHA1
8ec8571a296737e819dcf86353a43fcf8ec63351

SHA256
564c80dec62d76c53497c40094db360ff8a36e0dc1bda8383d0f9583138997f5

SHA512
a88bc56e938374c333b0e33cb72951635b5d5a98b9cb2d6785073cbcad23bf4c0f9f69d3b7e87b46c76eb03ced9bb786844ce87656a9e3df4ca24acf43d7a05b

Download Submit
\Users\Admin\AppData\Local\Temp\nso9E91.tmp\nsJSON.dll

Filesize
7KB

MD5
b9cd1b0fd3af89892348e5cc3108dce7

SHA1
f7bc59bf631303facfc970c0da67a73568e1dca6

SHA256
49b173504eb9cd07e42a3c4deb84c2cd3f3b49c7fb0858aee43ddfc64660e384

SHA512
fdcbdd21b831a92ca686aab5b240f073a89a08588e42439564747cad9160d79cfa8e3c103b6b4f2917684c1a591880203b4303418b85bc040f9f00b6658b0c90

Download Submit
memory/2896-80-0x0000000074E90000-0x0000000074E9A000-memory.dmp

Filesize
40KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads